System and Method for Secure Distribution and/or Storage of Data Files with Long Term File Integrity Verification

ABSTRACT

Systems and methods for securely uploading, distributing, managing and/or storing any type of data file within a subscriber-based system maintained by a third party administrator are disclosed. The subscriber-based system acts as an electronic repository to ensure that data files remain intact, secure, and unaltered from their original form. Systems and methods for long term verification of data file integrity using checksum records stored in a public checksum directory are also disclosed.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application is a continuation of U.S. patent applicationSer. No. 13/475,685 filed May 18, 2012 and entitled “SYSTEM AND METHODFOR SECURE DISTRIBUTION AND/OR STORAGE OF DATA FILES WITH LONG TERM FILEINTEGRITY VERIFICATION,” which claims the benefit of U.S. ProvisionalPatent Application No. 61/488,052, also entitled “SYSTEM AND METHOD FORSECURE DISTRIBUTION AND/OR STORAGE OF DATA FILES WITH LONG TERM FILEINTEGRITY VERIFICATION” filed on May 19, 2011, both of which areincorporated by reference herein for all purposes.

TECHNICAL FIELD

The present disclosure relates generally to systems and methods forsecurely uploading and distributing data files within a subscriber-basedsystem maintained by a third party administrator; for securely storingand managing such data files within the subscriber-based system as anelectronic repository keeping the data files intact and unalterable,with no access to the content of the data files by the third partyadministrator; and for long term verification of data file integritythrough the subscriber-based system, regardless of whether the data fileis still stored on the subscriber-based system, and regardless ofwhether the third party administrator is still in business or the systemotherwise exists.

BACKGROUND

Important business and personal data has conventionally been maintainedin different formats, including paper files and electronic files.Traditional distribution methods for such data files, including regularmail, facsimile and electronic mail (e-mail), for example, may allow thedata files to be accessed or retrieved by someone other than theintended recipient. Likewise, traditional storage systems, such as filerooms and electronic networks, for example, may allow the data files tobe tampered with or altered from their original form. Traditionalstorage methods may also involve storing such data files in a variety ofdifferent formats and in different physical or electronic locations,which precludes efficient data aggregation, mining, searching and/orlinking of such data files.

SUMMARY

Embodiments of the present disclosure generally provide systems andmethods for securely uploading and distributing data files within asubscriber-based system maintained by a third party administrator.

Embodiments of the present disclosure also generally provide systems andmethods for securely storing and managing data files within thesubscriber-based system as an electronic repository to ensure the filesremain intact, secure, and unalterable from their original form, with noaccess to the content of the data file by the third party administrator.

Embodiments of the present disclosure further generally provide systemsand methods for long-term verification of data file integrity throughthe subscriber-based system, regardless of whether the data file isstill stored on the subscriber-based system, and regardless of whetherthe third party administrator is still in business or the systemotherwise exists.

In an embodiment, the present disclosure provides a subscriber-basedsystem comprising a secure computer server and desktop software and/orenterprise software to manage data files and the content thereof Invarious embodiments, such management may comprise, for example, datafile transfers, deletions, encryption/decryption, synchronization, dataaggregation, integrity verification, content analysis, structurecontrol, sorting, querying, hyper linking and accounting.

In an embodiment, the subscriber-based system further comprises a publiccomputer server with one or more open and publicly accessibledirectories, including a checksum records directory.

In an embodiment, the present disclosure provides a method forestablishing an anonymous account with the subscriber-based system bysetting a username, a password, and a system identification (ID) thatmay also be used as a public key for optional public key dataencryption.

In another embodiment, the present disclosure provides a method forestablishing an identity account with the subscriber-based system undera user's own name. The identity account may be established by presentingto a registered agent of the subscriber-based system sufficient forms ofpositive identification that may be linked to the username, password,and system ID associated with the subscriber's identity account.

In an embodiment, the present disclosure provides a method for anaccount holder of a subscriber-based system to upload a data file to thesystem. The account holder may further encrypt the data file beforeuploading. Once uploaded, the data file may be stored in the accountholder's dedicated directory on the system, distributed to one or moreother account holders' dedicated directories on the system, ordownloaded from the system, all with no ability to alter its content.

In an embodiment, the method may further comprise associating trackinginformation with the data file, such as system ID numbers/public keys, adata description, a time stamp, and a date stamp, for example.Associating tracking information with the data file may be performed bya third party administrator that maintains the subscriber-based systemrather than by an account holder on the system.

In an embodiment, the method may further comprise creating a checksum ofan uploaded data file, associating the checksum with trackinginformation for the data file, and maintaining a checksum recordcomprising the checksum with the tracking information in a publiclyaccessible checksum directory on the system.

In various embodiments, the present disclosure provides systems andmethods for one account holder of a subscriber-based system todistribute to another account holder of the subscriber-based system anytype of data file, such as: purchase transaction records; financialstatements; merchant discounts and offers; invoices; mail; governmentdocuments; voting ballots; medical records; insurance records; legalrecords; and music, books, movies and other digital media, for example.In an embodiment, account holders may control which of such distributeddata files are received into their directories by allowing or blockingdata file distribution based on the identity of the sending accountholder or the type of data file.

In various embodiments, the present disclosure further provides systemsand methods for an account holder of a subscriber-based system to storeand manage any type of data file in the account holder's dedicateddirectory of the subscriber-based system.

The present disclosure further provides systems and methods for anaccount holder of the subscriber-based system to download any type ofdata file to the account holder's registered computer. Once downloaded,the data file may be deleted from the subscriber-based system. In anembodiment, a checksum record of the data file remains stored in thechecksum directory on the system for long term verification of data fileintegrity, regardless of whether the data file is still stored on thesubscriber-based system. In another embodiment, a copy of the checksumrecord of the data file is provided to a subscriber for long termverification of data file integrity, even if the third partyadministrator is out of business or the system otherwise ceases toexist.

In still another embodiment, the present disclosure provides systems andmethods for completing secure financial transactions between parties,either anonymously or under a user's own name. Such secure financialtransactions may comprise payments to merchants or other entitiesthrough the subscriber-based system, for example.

BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of the present disclosure and itsfeatures, reference is now made to the following description, taken inconjunction with the accompanying drawings, in which:

FIG. 1 is a schematic illustration of a subscriber-based system inaccordance with one embodiment of the present disclosure;

FIG. 2 is a flowchart of one embodiment of a method for establishing ananonymous account with the subscriber-based system of FIG. 1;

FIG. 3 is a flowchart of one embodiment of a method for establishing anidentity account with the subscriber-based system of FIG. 1;

FIG. 4 is a flowchart of one embodiment of a method for uploading,distributing, storing and downloading a data file using thesubscriber-based system of FIG. 1;

FIG. 5 is a flowchart of one embodiment of a method for long termverification of data file integrity using the subscriber-based system ofFIG. 1; and

FIG. 6 is a flowchart of one embodiment of a method for making a paymentthrough the subscriber-based system of FIG. 1.

DETAILED DESCRIPTION

The present disclosure relates generally to systems and methods forsecurely uploading and distributing data files within a subscriber-basedsystem maintained by a third party administrator; for securely storingand managing such data files within the subscriber-based system as anelectronic repository keeping the data files intact and unalterable,with no access to the content of the data files by the third partyadministrator; and for long term verification of data file integritythrough the subscriber-based system, regardless of whether the data fileis still stored on the subscriber-based system, and regardless ofwhether the third party administrator is still in business or the systemotherwise exists. In some embodiments, keeping the data files intact andunalterable may include allowing read-only access to the data file,restricting the ability of users to alter the data file (e.g., throughpassword protection), and/or through the use of a restricted file format(e.g., a noneditable pdf file).

FIG. 1 is a schematic illustration of a subscriber-based system 100according to an embodiment of the present disclosure. It should beunderstood that the subscriber-based system 100 shown in FIG. 1 is forillustrative purposes only and that any other suitable system orsubsystem could be used in conjunction with, or in lieu of,subscriber-based system 100 according to the present disclosure.

In an embodiment, subscriber-based system 100 may comprise a securecomputer server 110 with multiple dedicated directories 120, 130, 132,134 assigned to system subscribers, such as User A and User B, forexample. In a representative example, User A may have a single dedicateddirectory 120 and User B may have multiple dedicated directories 130,132, 134 on the server 110. In some embodiments, the data 112 such asthe directories, 120, 130, 132, 134 may be stored on a memory 114 of theserver 110. The memory 114 may also store instructions 116 such as anoperating system and/or software modules executable by a processor ofthe server 110. The memory 114 may also store a management module 118.

The management module 118 may perform services for subscribers, such asfacilitating the secure management of data; facilitating communicationsbetween users of the subscriber-based system, and/or receive informationfrom users and non-users of the subscriber-based system. In someembodiments, the management module 118 may receive data files fromusers, restrict access to the data files, create data integrity records,create tracking information, associate other data with received and/orstored data files, and/or transmit data for storage in a memory of theserver or other memories. In some embodiments, the management module 118may transmit data such as the data file, the data integrity record,identity files, and other files to devices (e.g., computers, portablememory devices, and/or smartphones) of users and/or non-users. Themanagement module 118 may transmit data such as the data file, the dataintegrity record, identity files, and other files to various memoriesfor storage. The management module 118 may restrict access to the datafile and/or restrict transmission of the data file. For example, themanagement module 118 may restrict transmission of the data file toanother user based on preferences (e.g., sender identity, type of file,etc.). The preferences may be defined by the user receiving the datafile and/or the user transmitting the file. The management module 118may also instruct that data is removed from the memory 114 of the server110 or other memories communicably coupled to the server 110.

The server 110 may also include a communication interface that allowsthe system 100 to communicate with other systems and/or memories. Forexample, the subscriber-based system 100 may retrieve data from arepository for analysis. The server may also include a presentationinterface to present, for example, data integrity files and/or otherinformation.

Subscriber-based system 100 may further comprise a public computerserver 115 with multiple directories 180, 190 that are open and publiclyavailable to non-subscribers to the system 100, such as Non-User C, forexample. As an example, a repository may be accessible by users andnon-users, who may view, download, and/or save files in the repository.In an embodiment, the public computer server 115 may comprise a checksumdirectory 180 for verification of the integrity of data files uploadedto the secure computer server 110, as described in more detail herein.In an embodiment, the public computer server 115 may further comprise anopen phonebook directory 190, available for review by subscribers andnon-subscribers alike, wherein User A and User B may optionally elect topost their names, addresses, phone numbers, email addresses, publicencryption keys, and other information, for example. In an embodiment,the public computer server 115 may also be configured to enablenon-subscribers to the system 100, such as Non-User C, to post theirinformation to the open phonebook directory 190.

The subscriber-based system 100 may further comprise registeredsubscriber computers 140, 150, 160, each approved to connect to thesecure computer server 110, and each associated with particular userdirectories 120, 130, 132, 134. In a representative example, User Acomputer 140 is associated with User A directory 120, User B computer150 is associated with User B directories 130, 132, and User B computer160 is associated with User B directory 134.

The subscriber-based system 100 may further comprise one or morenon-subscriber computers 175, each approved to connect to the publiccomputer server 115 to access the open and publicly availabledirectories 180, 190 on the system 100. In a representative example,Non-User C computer 175 is operable to connect to public directories180, 190 on the public computer server 115.

As used herein, the terms “server” and/or “computer” encompasses thebroadest possible meaning of the term and includes, without limitation,a single personal computer (such as a desktop computer, laptop computer,notebook computer, tablet computer, hand-held computer, personal digitalassistant (PDA), and smart phone, for example), a network of personalcomputers, a single enterprise computer, and a network of enterprisecomputers, etc.

In an embodiment, a connection between the registered subscribercomputers 140, 150, 160 and the server 110 is accomplished throughproprietary desktop and/or enterprise software 170. In particular, eachof the registered subscriber computers 140, 150, 160 may be loaded withproprietary desktop and/or enterprise software 170 that mayautomatically synchronize with the secure computer server 110 whenever asubscriber is connected to the server 110 via the Internet.

As described in more detail herein, connection to the server 110 enablessubscribers to upload and download data files to and from thosedirectories 120, 130, 132, 134 that are associated with each of theregistered computers 140, 150, 160. In FIG. 1, arrows 142, 152, 162represent the operation of uploading data files and arrows 144, 154, 164represent the operation of downloading data files. Uploaded data filesmay be encrypted at the subscriber computer 140, 150, 160 before beinguploaded, and downloaded data files may be decrypted at the subscribercomputer 140, 150, 160 after being downloaded.

Further, as described in more detail herein, when a data file isuploaded to the secure computer server 110, the system 100 may create achecksum for the data file, associate that checksum with trackinginformation for that data file to create a data integrity record such asa checksum record, and then transfer 185 the checksum record to publiccomputer server 115 for long term storage in public checksum directory180. Since the checksum directory 180 resides on the public computerserver 115, both subscribers and non-subscribers to the system arepermitted to access the public checksum directory 180 to verify datafile integrity.

Although a data integrity test including a checksum has been describedto verify the data file integrity, other data integrity tests may becreated and/or utilized by the system. For example, data integrity testsmay include checksum, cyclic redundancy checks, parity, and/orcryptographic hashes.

Uploaded data files may be addressed for distribution to anothersubscriber's directory. As a representative example, a data fileuploaded 142 from User A computer 140 to User A directory 120 on thesecure computer server 110 may be addressed for distribution by thesystem 100 to User B directory 130, as represented by arrow 125 inFIG. 1. In an embodiment, subscribers to the system can control whichother users are permitted to distribute data files to the subscriber'sdirectories and over which types of data files may be distributed to thesubscriber's directories. In the present example, User B has not barredreceipt of data files from User A nor the type of data file that User Ais distributing to User B, so the data file distribution 125 from User Adirectory 120 to User B directory 130 is completed.

It is contemplated that the subscriber-based system 100 of FIG. 1 willbe universal in that it will allow any individual or entity that meetsthe terms of use to subscribe to the system 100 and upload, store,distribute and/or download any type of data file to the secure computerserver 110. The system 100 also provides a secure repository for datafiles since the third party administrators of the system 100 have noaccess to data content unless the data files are not encrypted. Further,the system 100 provides a public checksum directory 180 to enable longterm verification of data file integrity, regardless of whether the datafile has been deleted from the system, and regardless of whether thethird party administrator remains in business and/or the system continueto exist, as described in more detail herein.

FIG. 2 depicts a flowchart of a method 200 for establishing an anonymoususer account with the subscriber-based system 100 according to anembodiment of the present disclosure. In describing the method 200 ofFIG. 2, reference may be made to FIG. 1 for clarity purposes. It shouldbe understood that the method 200 reflected in FIG. 2 is forillustrative purposes only and that any other suitable method stepscould be used in conjunction with, or in lieu of, the steps of method200 according to the present disclosure.

The method 200 begins at step 210 when a user, such as User B, accessesa website associated with the subscriber-based system 100 using acomputer that will be deemed a registered subscriber computer 150, 160by the system 100 once the account is established.

At step 220, the user accesses an account set-up screen on the websitewhere the user is prompted to type in a username, a password, and asystem identification (ID), each of which may require certaincharacteristics, such as a specific length, numbers only, a combinationof letters and numbers, any type of alphanumeric characters, etc. Theuser remains anonymous and is assured a level of privacy since nopersonal data is required during this step. Once the username, password,and system ID are set at step 220, the anonymous account is establishedand a directory 130, 132 or 134 is assigned to the account for User B.

In an embodiment, the subscriber's system ID may also act as a publickey for encryption/decryption of data files. In more detail, thesubscriber may use known public key encryption technology software togenerate a matching public key and private key, or to associate auser-generated public key with a user-generated private key, forencrypting and decrypting data. Thus, in some embodiments, thesubscriber may encrypt data files for distribution to other users whilestill maintaining anonymous status (e.g., personal data about thesubscriber may not be distributed to other users of the system). Forexample, an anonymous user may upload a data file encrypted, usingpublic key/private key technology based on the subscriber's systemidentification rather than personal data, to the system for purchase byand distribution to other anonymous subscribers and/or othersubscribers. In some embodiments, an anonymous subscriber may distributean encrypted data file to another anonymous subscriber and both partiesmay retain their anonymous status.

The subscriber retains his private key separate and apart from thesystem 100, but submits the public key to the system 100 as thesubscriber's system ID. Other account holders in the system may then usethe subscriber's system ID/public key to encrypt data files that areuploaded to the system for distribution to the subscriber, who can thendownload copies of the data files and use the private key known only tothe subscriber to decrypt them. Other account holders in the system mayalso establish their own system IDs/public keys associated withindividual private keys.

At step 230, the subscriber may obtain a system ID/public key device foruse in transactions and data file transfers with other account holdersin the system, such as individuals, merchants, businesses, andgovernment entities, for example.

In an embodiment, the system ID/public key device comprises a bar codesuitable for scanning that may be printed onto a sheet of paper ordisplayed on a hand-held computer, for example. In another embodiment,the system ID/public key device comprises a Radio-FrequencyIdentification (RFID) chip with the information encoded thereon. Inanother embodiment, a credit card number is set as a substitute for thesystem ID/public key, and the system ID/public key device is the creditcard itself. When a credit card is used as the system ID/public keydevice, the party who accepts the credit card for a transaction will usethe desktop and/or enterprise software 170 to look up the actual systemID/public key on the system server 110. Many other types of devices maybe used for providing a system ID/public key to other account holdersfor adding to a transaction record or other data file. Once thesubscriber obtains the system ID/public key device at step 230, themethod 200 for establishing an anonymous user account ends at step 240.

An anonymous user account established via method 200 may be used forreceiving, storing and managing many types of unalterable, data files.However, in some cases, subscribers may want/need to establish anaccount under their own name so that senders and recipients can verifythe identity of the person or entity to whom or from whom data files arebeing distributed.

FIG. 3 depicts a flowchart of a method 300 for establishing an identityaccount with the subscriber-based system 100 under a user's own nameaccording to an embodiment of the present disclosure. In describing themethod 300 of FIG. 3, reference may be made to FIG. 1 for claritypurposes. It should be understood that the method 300 reflected in FIG.3 is for illustrative purposes only and that any other suitable methodsteps could be used in conjunction with, or in lieu of, the steps ofmethod 300 according to the present disclosure.

The method 300 begins at step 310 when a user, such as User B,establishes another subscriber account with the subscriber-based system100 following the method 200 of FIG. 2. The account established in step310 requires a new and unique system ID/public key from any anonymousaccounts. In an embodiment, an identity account established according tomethod 300 is separate and distinct from any established anonymousaccounts 130, 132, 134, and the system 100 has no record of any linkbetween the identity account and such anonymous accounts 130, 132, 134.

In step 320, the subscriber may present to a registered agent of thesystem 100 the identity account information established in step 310along with documentation verifying the identity of the subscriber. Suchdocumentation may include, but is not limited to, a driver's license, asocial security card, a birth certificate, and other legal documentsthat verify the legal name, mailing address, date and place of birth,and any other identity information that the subscriber would like tohave certified on the system 100. The registered agent may record aphysical address for mail through the postal service and an electronicaddress using existing protocols.

Each registered agent may be assigned a public key and a private key bythe system 100, and administrators of the system 100 may maintaindocumentation of these assigned public/private keys. In step 330, theregistered agent may create separate data files for specific identityelements based on the identity documents provided by the subscriber.Such separate data files may comprise identity elements such as namewith Social Security number and/or name with address, for example. Theseseparate identity data files are encrypted with the agent's private key,then encrypted with the subscriber's public key, then uploaded into theagent's designated directory on the server 110.

In step 340, the registered agent may authorize the secure computerserver 110 to distribute the encrypted identity data files from theagent's designated directory to the designated directory associated withthe subscriber's identity account. Security measures will ensure thatthe registered agent is the source of the transmitted data.

In step 350, the subscriber may download the encrypted identity datafiles, decrypt the data file with his own private key, decrypt the datafile with the registered agent's public key, and verify the accuracy andcompleteness of the identity data. The subscriber will then notify theregistered agent of any errors. Otherwise, the subscriber keeps a copyof identity data files, which are encrypted with the registered agent'sprivate key.

In step 360, when the subscriber wants to share the verified identitydata with another party, the subscriber may then upload the identitydata files, encrypted with the other party's public key, to thesubscriber's identity account directory for access by or distribution tothe other party.

In step 370, the other party may access the subscriber's identity datafiles by decrypting the confirmation with the other party's private key,then with the registered agent's public key. Decrypting the identitydata files with the registered agent's public key confirms to the otherparty that the identity data files were created and verified by theregistered agent since such decryption would only be possible if theidentity data files were encrypted by the registered agent's privatekey. The method 300 ends at step 380.

In an embodiment, the identity data files established via method 300reside within the subscriber's identity account directory, encryptedwith the registered agent's private key. Alternatively, the identitydata files encrypted with the registered agent's private key may bemaintained by the subscriber separate and apart from the system 100. Thecertified identity data file, as described, may preclude the need fortraditional third party digital certificates.

Entity subscribers to the system 100 could benefit from establishingidentity accounts for verifying the source and recipient of, and theintegrity of, important business records in a single, secure server 110where the documents cannot be deleted or altered. Such identity accountscould be used for sales people placing orders, accounts receivable andpayable, employees submitting expense reports, human resources records,and any other data file that the business desires to maintain in anunaltered state. In an embodiment, the system 100 and the methodsdescribed herein may be used for legal compliance in the maintenance ofrecords.

FIG. 4 is a flowchart of one simplified, representative embodiment of amethod 400 for uploading, distributing, storing and downloading anencrypted, data file using the subscriber-based system 100 of FIG. 1according to an embodiment of the present disclosure. In describing themethod 400 of FIG. 4, reference may be made to FIG. 1 for claritypurposes. It should be understood that the method 400 reflected in FIG.4 is for illustrative purposes only and that any other suitable methodsteps could be used in conjunction with, or in lieu of, the steps ofmethod 400 according to the present disclosure. Users, in someembodiments, may be anonymous users and/or users with identity accounts.

Referring now to FIG. 1 and FIG. 4, the method 400 begins at step 410where a subscriber of the system 100, such as User A, optionallyencrypts a data file in preparation for uploading 142 the data file tothe secure computer server 110 of the system 100. In an embodiment, UserA encrypts the data file using a system ID/public key provided by User Bduring a transaction with User A. In another embodiment, User A encryptsthe data file with a private key established by User A.

In an embodiment, the third party administrator of the system mayoptionally dictate data structure standards for certain data file typesto enable data integration from multiple sources. In an embodiment, thedata file may optionally be structured using XML or proprietarystructure that allows the data to be categorized, indexed and searched.As one representative example, if the data file corresponds to apurchase made by individual User B from merchant User A, the data filemay include a header that classifies the type of data contained thereinas a receipt and may include such data fields as merchant name, purchaselocation, purchase date, item purchased, quantity purchased, and price,for example. The data file may further include the system ID/public keyof User B as the intended recipient of the data file.

In step 420, the data file may be uploaded 142 from the User Aregistered subscriber computer 140 to the User A directory 120 on thesecure computer server 110. Uploading an encrypted data file to theserver 110 is similar to recording a document with a courthouse or othergovernment entity. The data submitted is maintained by the system 100and cannot be altered. Moreover, only a subscriber with a correspondingpublic or private key operable to decrypt the data file can access thedata.

In step 425 of the method 400, the system 100 creates a checksum of theuploaded data file. A checksum is like a signature for the data file,and the checksum will change if the data file is altered in any respect.The system 100 also adds tracking information, such as senderidentification, the checksum, a tracking number, and a time stamp to theheader of the data file. A checksum record of the data file comprisingthe checksum and the tracking information for the data file is thensaved to the public checksum directory 180 on the public computer server115.

In the next step 430 of the method 400, the encrypted data file may bedistributed 125 from the User A directory 120 to the appropriate User Bdirectory 130, 132, 134 on the secure computer server 110 correspondingto the system ID/public key data that was identified in the data file.In some embodiments, User B may establish rules for determining whetheror not the data file can be distributed 125 to the intended User Bdirectory 130, 132, 134. In this embodiment, User B has the option ofblocking certain types of data files or data files distributed bycertain subscribers or types of subscribers to the system 100.

In a representative example, the rules established by User B allow datafiles originating with User A to be distributed 125 to any of the User Bdirectories 130, 132, 134, and the rules also allow distribution 125 ofthe data file type that User A intends to distribute to User B. If thedata represents a purchase by User B from User A, then the data filerepresents a certified copy of an unalterable receipt for thattransaction so that User B is not required to track a paper receipt.

User A may also retain a copy of the data file on User A registeredsubscriber computer 140 or within its directory 120 on the securecomputer server. By retaining copies of such data file receipts,merchant User A will have the ability to track the individual shoppinghabits of individual User B as well as communicate with User B, evenwithout knowing the actual identity of User B. Thus, the present systemsand methods enable two subscribers of the system to conduct transactionsand communicate with one another while remaining anonymous.

In step 440 of the method 400, User B may download 154, 164 a copy ofthe data file from the User B directory 130, 132, 134 where the datafile is stored. In various embodiments, User B may use a registeredsubscriber computer 150, 160 associated with the designated directory130, 132, 134 to complete the download 154, 164 or User B may use anunregistered computer to complete the download 154, 164. User B may thendecrypt the downloaded data file using the User B private key if User Aencrypted the data file with the User B public key. Alternatively, UserB may decrypt the downloaded data file using the User A public key ifUser A encrypted the data file with the User A private key. Thedecrypted data file may then be saved to a User B computer 150, 160using the proprietary software 170. For financial transactions, thedecrypted data file saved to the User B computer 150, 160 may be used tolink the transaction to User B's detailed financial records, allowingfor data queries and/or hyper linking to related documents. The method400 ends at step 450.

In an embodiment, after the data file has been downloaded to the User Bcomputer 150, 160, all uploaded copies of the data file may be deletedfrom the system 100 while still retaining the ability to verify datafile integrity and file ownership in the future. In particular, becausethe system 100 comprises a unique public directory 180 of data filechecksums, anyone to whom User B provides a copy of the data file canre-encrypt the data file with User B's public key and compare thechecksum of the re-encrypted file with the checksum record held by thesystem 100 in public directory 180. If the checksums match, the datafile has not been altered, and re-encrypting with User B's public keyalso confirms that User B was the original recipient of the data filefrom the system 100. Thus, the system 100 still performs the function ofa repository that maintains records operable to prove the integrity of adata file.

In another embodiment, the systems and methods of the present disclosureenable long term verification of data file integrity, even if datastored on the system 100 is lost, and even if the third partyadministrator goes out of business and/or shuts down the system 100.

FIG. 5 is a flowchart of one simplified, representative embodiment ofsuch a method 500 for long term verification of data file integrityusing the subscriber-based system 100 of FIG. 1. In describing themethod 500 of FIG. 5, reference may be made to FIG. 1 for claritypurposes. It should be understood that the method 500 reflected in FIG.5 is for illustrative purposes only and that any other suitable methodsteps could be used in conjunction with, or in lieu of, the steps ofmethod 500 according to the present disclosure.

The method 500 begins at step 510 where a subscriber to the system, suchas User A, requests from the third party administrator relevant checksumrecords from the public checksum directory 180.

In step 520 of the method 500, the third party administrator encryptssuch relevant checksum records with the administrator's private key.

In step 530, the encrypted checksum records are distributed to thesubscriber's directory, such as User A's directory 120, on the securecomputer server 110, and in step 540, the encrypted checksum records aredownloaded 144 to the subscriber's computer, such as User A computer140.

In step 550, at any time the subscriber can then decrypt the checksumrecords using the third party administrator's public key to verify thatthe data files downloaded from the system 100 and stored on thesubscriber's computer have not been altered. Thus, if the system 100were to shut down or lose data, subscribers can still verify theintegrity of the data files that had been uploaded to the system 100before that date. The method 500 ends at step 560.

It is contemplated that the subscriber-based system 100 and the methods200, 300, 400, 500 described herein may have many differentapplications. In an embodiment, subscribers to the system 100 mayinclude all parties to a financial transaction, such as an individual, amerchant and a bank. In that case, the system 100 may enable individualsto pay merchants from a bank account at the point of sale.

FIG. 6 is a flowchart of one embodiment of a method 600 for making apayment from a bank account at a point of sale through thesubscriber-based system 100 of FIG. 1 according to an embodiment of thepresent disclosure. In describing the method 600 of FIG. 6, referencemay be made to FIG. 1 for clarity purposes. It should be understood thatthe method 600 reflected in FIG. 6 is for illustrative purposes only andthat any other suitable method steps could be used in conjunction with,or in lieu of, the steps of method 600 according to the presentdisclosure.

The method begins at step 610 at the point of sale terminal where theindividual subscriber provides the individual's system ID/public key andthe bank's system ID/public key to the merchant. In an embodiment, thesystem IDs/public keys may be broadcast from the individual's hand-heldcomputer, such as a PDA or smart phone. In another embodiment, thesystem IDs/public keys may be displayed on the PDA or smart phone as abar code suitable for scanning by the merchant.

In the next step 620, the merchant sends a data file request for paymentto the bank, encrypted with the bank's system ID/public key. In step630, the bank decrypts the merchant's data file request for paymentusing the bank's private key. The bank then looks up the individual'sbank account using the individual's system ID/public key to confirm thatsufficient funds are present to cover the purchase.

In step 640, the bank may send a confirmation number to the individual'shand-held computer. In an embodiment, the confirmation number isencrypted with the individual's system ID/public key. The hand-heldcomputer may then decrypt the confirmation number and display it as abar code, or transmit it electronically to the merchant's computer.

In step 650, the merchant may send the confirmation number back to thebank, and in step 660 the bank may transfer the funds from theindividual's bank account to the merchant's bank account. The method 600ends at step 670.

The subscriber-based system 100 described herein offers long-termstorage of data files that cannot be deleted or altered by anysubscribers of the system 100. Moreover, administrators of the system100 have no access to the content of encrypted data files. As such,these encrypted data files are ensured to remain intact in the originalform received by the system 100.

The subscriber-based system 100 may allow any type of data file to beuploaded, stored, distributed and/or downloaded in accordance with thepresent disclosure. Such data files may include, but are not limited to:purchase transaction records; financial statements; merchant discountsand offers; invoices; mail; government documents; voting ballots;medical records; insurance records; legal records; and music, books,movies and other digital media, for example. Thus, the system 100 andmethods 200, 300, 400, 500, 600 disclosed herein may support manydifferent possible applications.

In an embodiment, one such application is a financial management andrecord-keeping tool. The system 100 may be operable to automaticallyaggregate and categorize data files identified as receipts, for example.The system 100 may also receive credit card statements and bankstatements with hyperlinks to the individual receipts. The system 100may further include hyperlinks between a warranty document, a usermanual, and a receipt for the purchase of the item. In addition, thesystem 100 may interface with tax preparation software for preparationof tax returns.

Another application is a marketing tool for merchants. The system 100may enable merchants to distribute coupons or special offers to thedirectories of individual subscribers based on their purchasing habitswith that merchant, or based on their overall purchasing habitssummarized in a system-generated profile, for example.

Additional applications include sending mail to subscriber's of thesystem 100 electronically rather than through the regular postalservice; establishing a bidding system for purchasing items through thesystem 100; transferring medical records, insurance claim records, legaldocuments, government benefit transaction records (food stamps,unemployment, social security, student loans, etc.), voting registrationforms, voting ballots, and other important documentation through thesystem 100; storing raw research data and notes to establish averifiable timeline for development of the data; and many other possibleapplications. In some embodiments, a fee may be charged to a sendingsubscriber for distributing certain types of data files to receivingsubscribers via the system 100. In other embodiments, data files may besent COD to a subscriber's registered computer on the system 100.

It may be advantageous to set forth definitions of certain words andphrases used in this patent document. The term “couple” and itsderivatives refer to any direct or indirect communication between two ormore elements, whether or not those elements are in physical contactwith one another. The terms “include” and “comprise,” as well asderivatives thereof, mean inclusion without limitation. The term “or” isinclusive, meaning and/or. The phrases “associated with” and “associatedtherewith,” as well as derivatives thereof, may mean to include, beincluded within, interconnect with, contain, be contained within,connect to or with, couple to or with, be communicable with, cooperatewith, interleave, juxtapose, be proximate to, be bound to or with, have,have a property of, or the like.

In some embodiments, the subscriber-based system and/or subscriber-basedsystem server may be communicably coupled, for example through a networksuch as the Internet, to the user devices and/or the publicallyaccessible repository. The subscriber-based system may automaticallyanalyze the data files and determine a data integrity record such as thechecksum record.

In some embodiments, the subscriber-based system may generate aninterface to facilitate user interaction. The interface may beaccessible through the Internet, for example.

Although the subscriber-based system has been described as including aserver, the subscriber-based system may include other computing devicessuch as personal computers, laptops, etc.

Although data file has been described as the transmitted to thesubscriber-based system by a user, various types and/or sizes of datamay be transmitted and process as described. For example, XML datapackets may be transmitted to the subscriber-based system and processed.

Although users have been described as a human, a user may be a person, agroup of people, a person or persons interacting with one or morecomputers, and/or a computer system. Various implementations of thesystems and techniques described here can be realized in digitalelectronic circuitry, integrated circuitry, specially designed ASICs(application specific integrated circuits), computer hardware, firmware,software, and/or combinations thereof. These various implementations caninclude implementation in one or more computer programs that areexecutable and/or interpretable on a programmable system including atleast one programmable processor, which may be special or generalpurpose, coupled to receive data and instructions from, and to transmitdata and instructions to, a storage system, at least one input device,and at least one output device.

These computer programs (also known as programs, software, softwareapplications or code) include machine instructions for a programmableprocessor, and can be implemented in a high-level procedural and/orobject-oriented programming language, and/or in assembly/machinelanguage. As used herein, the term “machine-readable medium” refers toany computer program product, apparatus and/or device (e.g., magneticdiscs, optical disks, memory, Programmable Logic Devices (PLDs)) used toprovide machine instructions and/or data to a programmable processor,including a machine-readable medium that receives machine instructionsas a machine-readable signal. The term “machine-readable signal” refersto any signal used to provide machine instructions and/or data to aprogrammable processor.

To provide for interaction with a user, the systems and techniquesdescribed here can be implemented on a computer having a display device(e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor)for displaying information to the user and a keyboard and a pointingdevice (e.g., a mouse or a trackpad) by which the user can provide inputto the computer. Other kinds of devices can be used to provide forinteraction with a user as well; for example, feedback provided to theuser by an output device can be any form of sensory feedback (e.g.,visual feedback, auditory feedback, or tactile feedback); and input fromthe user can be received in any form, including acoustic, speech, ortactile input.

The systems and techniques described here can be implemented in acomputing system that includes a back end component (e.g., as a dataserver), or that includes a middleware component (e.g., an applicationserver), or that includes a front end component (e.g., a client computerhaving a graphical user interface or a Web browser through which a usercan interact with an implementation of the systems and techniquesdescribed here), or any combination of such back end, middleware, orfront end components. The components of the system can be interconnectedby any form or medium of digital data communication (e.g., acommunication network). Examples of communication networks include alocal area network (“LAN”), a wide area network (“WAN”), and theInternet.

The computing system may include clients and servers. A client andserver are generally remote from each other and typically interactthrough a communication network. The relationship of client and serverarises by virtue of computer programs running on the respectivecomputers and having a client-server relationship to each other.

While the present disclosure has described certain embodiments andgenerally associated methods, alterations and permutations of theseembodiments and methods will be apparent to those skilled in the art.Accordingly, the above description of example embodiments does notdefine or constrain this disclosure. Other changes, substitutions, andalterations are also possible without departing from the spirit andscope of this disclosure, as defined by the following claims.

What is claimed:
 1. A computer-implemented method for securely managingdata, the method comprising: storing encrypted data in a memory of asubscriber-based system maintained by a third-party administrator,wherein the stored encrypted data is unalterable; restricting access tothe stored encrypted data; creating a data integrity record associatedwith the encrypted data, wherein an integrity of the encrypted data isdetermined at least partially based on the created data integrityrecord; and transmitting the data integrity record to an accessiblerepository, wherein the accessible repository is accessible by devicesassociated with subscribers of the subscriber-based system and devicesassociated with nonsubscribers of the subscriber-based system.
 2. Themethod of claim 1, further comprising storing the data integrity recordin the accessible repository.
 3. The method of claim 1, furthercomprising: retrieving the data integrity record of the encrypted data;and determining an integrity of the decrypted data based on theretrieved data integrity.
 4. The method of claim 1, wherein the dataintegrity record includes tracking information and at least one checksumbased at least partially on the encrypted data.
 5. The method of claim1, further comprising: transmitting the encrypted data to a subscriberof the subscriber-based system; and removing the transmitted encrypteddata from the memory of the subscriber-based system, wherein the dataintegrity record associated with the encrypted data is stored in atleast one of a device associated with the subscriber of thesubscriber-based system or the accessible repository.
 6. The method ofclaim 1, further comprising: wherein the data integrity record may beused to verify the integrity of the encrypted data received from thesubscriber-based system or received from a party other than thesubscriber-based system.
 7. The method of claim 1, further comprisingdecrypting the encrypted data, wherein the decrypted data isunalterable.
 8. An article comprising non-transitory, machine-readablemedium storing instructions for managing data, the instructions operableto cause data processing apparatus to perform operations comprising:receiving encrypted data by a subscriber-based system maintained by athird-party administrator; transmitting the encrypted data for storagein a memory of the subscriber-based system, wherein the stored encrypteddata is unalterable; restricting access to the stored encrypted data;creating a data integrity record associated with the encrypted data,wherein an integrity of the encrypted data is determined at leastpartially based on the created data integrity record; and transmittingthe data integrity record to an accessible repository, wherein theaccessible repository is accessible by devices associated withsubscribers of the subscriber-based system and devices associated withnonsubscribers of the subscriber-based system.
 9. The article of claim8, wherein the instructions are further operable to cause dataprocessing apparatus to perform operations comprising: transmitting theencrypted data to a group of subscribers of the subscriber-based system.10. The article of claim 9, wherein transmitting the encrypted dataretains an anonymous status of at least one of the group of subscribersof the subscriber-based system.
 11. A system for securely managing datacomprising: a subscriber-based system comprising: a memory includingencrypted data that is unalterable; and a management module adapted to:receive the encrypted data; restrict access to the encrypted data; andcreate a data integrity record associated with the encrypted data,wherein an integrity of the encrypted data is determined at leastpartially based on the created data integrity record; and wherein thesubscriber-based system is managed by a third-party.
 12. The system ofclaim 11, wherein the management module is further adapted to transmitthe data integrity record to an accessible repository, wherein theaccessible repository is accessible by devices associated withsubscribers of the subscriber-based system and devices associated withnonsubscribers of the subscriber-based system.
 13. The system of claim11, further comprising a repository including the data integrity record,wherein the repository is accessible by devices associated withsubscribers of the subscriber-based system and devices associated withnonsubscribers of the subscriber-based system.
 14. The system of claim11, wherein the management module is further adapted to transmit theencrypted data.
 15. The system of claim 11, wherein the managementmodule is further adapted to remove the encrypted data from the memorywhen the encrypted data is transmitted.